Potential Abuse of Linux Magic System Request Key (ea61bb82-a5e0-42e6-8537-91d29500f1b9)

Detects the potential abuse of the Linux Magic SysRq (System Request) key by adversaries with root or sufficient privileges to silently manipulate or destabilize a system. By writing to /proc/sysrq-trigger, they can crash the system, kill processes, or disrupt forensic analysis—all while bypassing standard logging. Though intended for recovery and debugging, SysRq can be misused as a stealthy post-exploitation tool. It is controlled via /proc/sys/kernel/sysrq or permanently through /etc/sysctl.conf.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Potential Abuse of Linux Magic System Request Key (ea61bb82-a5e0-42e6-8537-91d29500f1b9) | Sigma-Rules | Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) | Attack Pattern | 1 |
| Potential Abuse of Linux Magic System Request Key (ea61bb82-a5e0-42e6-8537-91d29500f1b9) | Sigma-Rules | System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) | Attack Pattern | 1 |
| Potential Abuse of Linux Magic System Request Key (ea61bb82-a5e0-42e6-8537-91d29500f1b9) | Sigma-Rules | Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4) | Attack Pattern | 1 |
| Potential Abuse of Linux Magic System Request Key (ea61bb82-a5e0-42e6-8537-91d29500f1b9) | Sigma-Rules | Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) | Attack Pattern | 1 |
| Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |